Vulnerability Name: CVE-2012-3835 (CCN-75297)
Assigned: 2012-04-29
Published: 2012-04-29
Updated: 2017-08-29
Summary: Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
  4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2012-3835
  Source: CCN Type: SA49005 OSSIM Cross-Site Scripting and SQL Injection Vulnerabilities
  Source: SECUNIA Type: Vendor Advisory 49005
  Source: CCN Type: Alienvault Web Site Open Source Security Information Management
  Source: MISC Type: Exploit http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html
  Source: EXPLOIT-DB Type: Exploit 18800
  Source: MISC Type: Exploit http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt
  Source: BID Type: Exploit 53331
  Source: CCN Type: BID-53331 AlienVault Open Source SIEM (OSSIM) SQL Injection and Cross Site Scripting Vulnerabilities
  Source: XF Type: UNKNOWN alienvault-multiple-xss(75297)
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [04-29-2012]
Vulnerable Configuration: Configuration 1: Denotes that component is vulnerable